Add get_certificate unit_test for alias_cert model cert
Signed-off-by: Wenxing Hou <[email protected]>
Wenxing-hou authored and jyao1 committed Dec 12, 2023
1 parent b2e4c49 commit 3bbcb24
Showing 3 changed files with 419 additions and 0 deletions.
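--- a/os_stub/spdm_device_secret_lib_sample/cert.c
+++ b/os_stub/spdm_device_secret_lib_sample/cert.c
@@ -643,6 +643,153 @@ bool libspdm_read_responder_public_certificate_chain_alias_cert_till_dev_cert_ca
 return true;
 }
 
+/*This alias cert chain is entire, from root CA to leaf certificate.*/
+bool libspdm_read_responder_public_certificate_chain_alias_cert_entire(
+uint32_t base_hash_algo, uint32_t base_asym_algo, void **data,
+size_t *size, void **hash, size_t *hash_size)
+{
+bool res;
+void *file_data;
+size_t file_size;
+spdm_cert_chain_t *cert_chain;
+size_t cert_chain_size;
+char *file;
+const uint8_t *root_cert;
+size_t root_cert_len;
+const uint8_t *leaf_cert;
+size_t leaf_cert_len;
+size_t digest_size;
+bool is_requester_cert;
+bool is_device_cert_model;
+
+is_requester_cert = false;
+
+/*default is false*/
+is_device_cert_model = false;
+
+*data = NULL;
+*size = 0;
+if (hash != NULL) {
+*hash = NULL;
+}
+if (hash_size != NULL) {
+*hash_size = 0;
+}
+
+if (base_asym_algo == 0) {
+return false;
+}
+
+switch (base_asym_algo) {
+case SPDM_ALGORITHMS_BASE_ASYM_ALGO_TPM_ALG_RSASSA_2048:
+case SPDM_ALGORITHMS_BASE_ASYM_ALGO_TPM_ALG_RSAPSS_2048:
+file = "rsa2048/bundle_responder.certchain_alias_entire.der";
+break;
+case SPDM_ALGORITHMS_BASE_ASYM_ALGO_TPM_ALG_RSASSA_3072:
+case SPDM_ALGORITHMS_BASE_ASYM_ALGO_TPM_ALG_RSAPSS_3072:
+file = "rsa3072/bundle_responder.certchain_alias_entire.der";
+break;
+case SPDM_ALGORITHMS_BASE_ASYM_ALGO_TPM_ALG_RSASSA_4096:
+case SPDM_ALGORITHMS_BASE_ASYM_ALGO_TPM_ALG_RSAPSS_4096:
+file = "rsa4096/bundle_responder.certchain_alias_entire.der";
+break;
+case SPDM_ALGORITHMS_BASE_ASYM_ALGO_TPM_ALG_ECDSA_ECC_NIST_P256:
+file = "ecp256/bundle_responder.certchain_alias_entire.der";
+break;
+case SPDM_ALGORITHMS_BASE_ASYM_ALGO_TPM_ALG_ECDSA_ECC_NIST_P384:
+file = "ecp384/bundle_responder.certchain_alias_entire.der";
+break;
+case SPDM_ALGORITHMS_BASE_ASYM_ALGO_TPM_ALG_ECDSA_ECC_NIST_P521:
+file = "ecp521/bundle_responder.certchain_alias_entire.der";
+break;
+case SPDM_ALGORITHMS_BASE_ASYM_ALGO_TPM_ALG_SM2_ECC_SM2_P256:
+file = "sm2/bundle_responder.certchain_alias_entire.der";
+break;
+case SPDM_ALGORITHMS_BASE_ASYM_ALGO_EDDSA_ED25519:
+file = "ed25519/bundle_responder.certchain_alias_entire.der";
+break;
+case SPDM_ALGORITHMS_BASE_ASYM_ALGO_EDDSA_ED448:
+file = "ed448/bundle_responder.certchain_alias_entire.der";
+break;
+default:
+LIBSPDM_ASSERT(false);
+return false;
+}
+res = libspdm_read_input_file(file, &file_data, &file_size);
+if (!res) {
+return res;
+}
+
+digest_size = libspdm_get_hash_size(base_hash_algo);
+
+cert_chain_size = sizeof(spdm_cert_chain_t) + digest_size + file_size;
+cert_chain = (void *)malloc(cert_chain_size);
+if (cert_chain == NULL) {
+free(file_data);
+return false;
+}
+cert_chain->length = (uint16_t)cert_chain_size;
+cert_chain->reserved = 0;
+
+/* Get leaf Certificate*/
+res = libspdm_x509_get_cert_from_cert_chain(file_data, file_size, -1, &leaf_cert,
+&leaf_cert_len);
+if (!res) {
+free(file_data);
+free(cert_chain);
+return res;
+}
+res = libspdm_x509_certificate_check(leaf_cert, leaf_cert_len,
+base_asym_algo, base_hash_algo,
+is_requester_cert, is_device_cert_model);
+if (!res) {
+free(file_data);
+free(cert_chain);
+return res;
+}
+
+/* Get Root Certificate*/
+res = libspdm_x509_get_cert_from_cert_chain(file_data, file_size, 0, &root_cert,
+&root_cert_len);
+if (!res) {
+free(file_data);
+free(cert_chain);
+return res;
+}
+
+/*verify cert_chain*/
+res = libspdm_x509_verify_cert_chain(root_cert, root_cert_len, file_data, file_size);
+if (!res) {
+free(file_data);
+free(cert_chain);
+return res;
+}
+
+/*calculate hash value*/
+res = libspdm_hash_all(base_hash_algo, root_cert, root_cert_len,
+(uint8_t *)(cert_chain + 1));
+if (!res) {
+free(file_data);
+free(cert_chain);
+return res;
+}
+libspdm_copy_mem((uint8_t *)cert_chain + sizeof(spdm_cert_chain_t) + digest_size,
+cert_chain_size - (sizeof(spdm_cert_chain_t) + digest_size),
+file_data, file_size);
+
+*data = cert_chain;
+*size = cert_chain_size;
+if (hash != NULL) {
+*hash = (cert_chain + 1);
+}
+if (hash_size != NULL) {
+*hash_size = digest_size;
+}
+
+free(file_data);
+return true;
+}
+
 bool libspdm_read_responder_public_certificate_chain_per_slot(
 uint8_t slot_id, uint32_t base_hash_algo, uint32_t base_asym_algo,
 void **data, size_t *size, void **hash, size_t *hash_size)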
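Review bot: `cert_chain->length = (uint16_t)cert_chain_size;` narrows a `size_t` to 16 bits with no range check, so a bundle whose DER plus header and digest exceeds 65535 bytes would silently produce a chain whose `length` field disagrees with the `*size` the function hands back; the cast suggests `length` is a 16-bit field, so reject oversize input before the `malloc` with `if (cert_chain_size > UINT16_MAX) { free(file_data); return false; }`. The five identical `free(file_data); free(cert_chain); return res;` error paths would collapse into a single `goto cleanup` exit, which also makes it harder to drop a release when another verification step is added later. The one-line comment above the definition could state the ownership contract that the code establishes — `*data` is a heap allocation the caller must free, and `*hash` points inside that same allocation just past the `spdm_cert_chain_t` header — since a caller freeing `*hash` separately would double-free.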
Expand Up @@ -56,6 +56,11 @@ bool libspdm_read_responder_public_certificate_chain_alias_cert_till_dev_cert_ca
uint32_t base_hash_algo, uint32_t base_asym_algo, void **data,
size_t *size, void **hash, size_t *hash_size);

/*This alias cert chain is entire, from root CA to leaf certificate.*/
bool libspdm_read_responder_public_certificate_chain_alias_cert_entire(
uint32_t base_hash_algo, uint32_t base_asym_algo, void **data,
size_t *size, void **hash, size_t *hash_size);

bool libspdm_read_responder_public_certificate_chain_per_slot(
uint8_t slot_id, uint32_t base_hash_algo, uint32_t base_asym_algo,
void **data, size_t *size, void **hash, size_t *hash_size);
